Lecture Notes in Computer Science 7460 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison,UK TakeoKanade,USA JosefKittler,UK JonM.Kleinberg,USA AlfredKobsa,USA FriedemannMattern,Switzerland JohnC.Mitchell,USA MoniNaor,Israel OscarNierstrasz,Switzerland C.PanduRangan,India BernhardSteffen,Germany MadhuSudan,USA DemetriTerzopoulos,USA DougTygar,USA GerhardWeikum,Germany Advanced Research in Computing and Software Science SublineofLecturesNotesinComputerScience SublineSeriesEditors GiorgioAusiello,UniversityofRome‘LaSapienza’,Italy VladimiroSassone,UniversityofSouthampton,UK SublineAdvisoryBoard SusanneAlbers,UniversityofFreiburg,Germany BenjaminC.Pierce,UniversityofPennsylvania,USA BernhardSteffen,UniversityofDortmund,Germany MadhuSudan,MicrosoftResearch,Cambridge,MA,USA DengXiaotie,CityUniversityofHongKong JeannetteM.Wing,CarnegieMellonUniversity,Pittsburgh,PA,USA Antoine Miné David Schmidt (Eds.) Static Analysis 19th International Symposium, SAS 2012 Deauville, France, September 11-13, 2012 Proceedings 1 3 VolumeEditors AntoineMiné ÉcoleNormaleSupérieure Départementd’Informatique 45,rued’Ulm 75005Paris,France E-mail:[email protected] DavidSchmidt KansasStateUniversity DepartmentofComputingandInformationSciences 234NicholsHall Manhattan,KS66506,USA E-mail:[email protected] ISSN0302-9743 e-ISSN1611-3349 ISBN978-3-642-33124-4 e-ISBN978-3-642-33125-1 DOI10.1007/978-3-642-33125-1 SpringerHeidelbergDordrechtLondonNewYork LibraryofCongressControlNumber:2012945543 CRSubjectClassification(1998):D.2.4-5,D.2.7,D.3.1-2,D.3.4,F.3.1-3,F.4.1 LNCSSublibrary:SL2–ProgrammingandSoftwareEngineering ©Springer-VerlagBerlinHeidelberg2012 Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,etc.inthispublicationdoesnotimply, evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevantprotectivelaws andregulationsandthereforefreeforgeneraluse. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface Static analysis is increasingly recognized as a fundamental tool for program verification, bug detection, compiler optimization, program understanding, and software maintenance. The series of Static Analysis Symposia has served as the primaryvenueforpresentationoftheoretical,practical,andapplicationadvances in the area. Thisvolumecontainstheproceedingsofthe19thInternationalStaticAnaly- sisSymposium,SAS2012,whichwasheldduringSeptember11–13inDeauville, France. Previous symposia were held in Venice, Perpignan, Los Angeles, Valen- cia, Kongens Lyngby, Seoul, London, Verona, San Diego, Madrid, Paris, Santa Barbara,Pisa, Aachen, Glasgow, and Namur. As in the last two years, the 19th International Static Analysis Symposium was held together with three workshops. The 4th Workshop on Numerical and Symbolic Abstract Domains (NSAD 2012) and the Third Workshop on Static Analysis and Systems Biology (SASB 2012) were held in parallel on September 10. The Third Workshop on Tools for Automatic Program AnalysiS (TAPAS 2012) was held on September 14. The programof the 19thInternationalStatic Analysis Symposium consisted in the presentation of 25 articles selected among 62 submissions from 23 coun- tries.ThecontributionswereselectedbytheProgramCommitteebasedonscien- tific quality,originality,andrelevancetoSAS,afterarigorousreviewingprocess involving at least three Program Committee members and external reviewers. In addition to the contributed papers, the program of the symposium featured four invited presentations by Gilles Barthe (IMDEA Software Institute, Spain), Dino Distefano (Queen Mary University of London and Monoidics, UK), Shri- ram Krishnamurthi (Brown University, USA), and Jens Palsberg (University of California, Los Angeles, USA). This volume includes an invited article by Jens Palsberg et al. We would like to thank the external reviewers for their participation in the reviewing process.We would alsolike to thank the D´epartementd’informatique del’E´colenormalesup´erieureandtheD´elegationr´egionaleduCNRSParisBfor their administrative support. We thank the EasyChairteam for the use of their software.We aregratefultooursponsors:CNRS,E´colenormalesup´erieure,and INRIA. September 2012 Antoine Min´e Dave Schmidt Organization Program Chairs Antoine Min´e CNRS and E´cole Normale Sup´erieure, France David Schmidt Kansas State University, USA Program Committee Elvira Albert Complutense University of Madrid, Spain Patrick Cousot E´cole Normale Sup´erieure, France and New York University, USA Pietro Ferrara ETH Zurich, Switzerland Gilberto Fil`e University of Padova, Italy Chris Hankin Imperial College London, UK Suresh Jagannathan Purdue University, USA Matthieu Martel Universit´e de PerpignanVia Domitia, France Matthew Might University of Utah, USA Anders Møller Aarhus University, Denmark David Monniaux CNRS, Verimag, France Markus Mu¨ller-Olm Universita¨t Mu¨nster, Germany Andreas Podelski University of Freiburg, Germany G. Ramalingam Microsoft Research, India Sriram Sankaranarayanan University of Colorado Boulder, USA Francesca Scozzari Universit`a di Chieti-Pescara, Italy Manu Sridharan IBM Research, USA Thomas Wies New York University, USA Eran Yahav Technion, Israel Kwangkeun Yi Seoul National University, Korea Steering Committee Patrick Cousot E´cole Normale Sup´erieure, France and New York University, USA Radhia Cousot CNRS and E´cole Normale Sup´erieure, France Roberto Giacobazzi University of Verona, Italy Gilberto Fil`e University of Padova, Italy Manuel Hermenegildo IMDEA Software Institute, Spain David Schmidt Kansas State University, USA VIII Organization Additional Reviewers Diego Esteban Alonso-Blas Wonchan Lee Gianluca Amato Woosuk Lee Sylvie Boldo Shuying Liang Olivier Bouissou Mark Marron Hugues Cass´e Isabella Mastroeni Pavol Cˇerny´ Laurent Mauborgne Alexandre Chapoutot Yuri Meshman Sungkeun Cho Andrzej Murawski Livio Colussi Benedikt Nordhoff Mauro Conti Aditya Nori Jesu´s Correas Ferna´ndez Hakjoo Oh Antonio Flores-Montoya Nimrod Partush Goran Frehse Simon Perdrix Sumit Gulwani Gustavo Petri Arie Gurfinkel Ruzica Piskac Miguel Go´mez-Zamalloa Corneliu Popeea Julien Henry Noam Rinetzky Kihong Heo Sukyoung Ryu Jochen Hoenicke Oliver Ru¨thing Arnault Ioualalen Yassamine Seladji Franc¸ois Irigoin Mihaela Sighireanu Deokhwan Kim Axel Simon Andy King Fausto Spoto Tim King Tullio Vardanega Soonho Kong Alexander Wenner Michael Kuperstein Enea Zaffanella Vincent Laviron Damiano Zanardini Oukseh Lee Sponsoring Institutions E´cole Normale Sup´erieure, CNRS, INRIA Table of Contents Invited Talks Computer-Aided Cryptographic Proofs ............................. 1 Gilles Barthe, Benjamin Gr´egoire, and Santiago Zanella B´eguelin A Voyage to the Deep-Heap ....................................... 3 Dino Distefano Semantics and Analyses for JavaScript and the Web.................. 4 Shriram Krishnamurthi Efficient May Happen in Parallel Analysis for Async-Finish Parallelism...................................................... 5 Jonathan K. Lee, Jens Palsberg, Rupak Majumdar, and Hong Hong Contributed Papers Modular Static Analysis with Zonotopes ............................ 24 Eric Goubault, Sylvie Putot, and Franck V´edrine PolyhedralAnalysis Using Parametric Objectives .................... 41 Jacob M. Howe and Andy King Inference of PolynomialInvariants for Imperative Programs:A Farewell to Gro¨bner Bases ................................................ 58 David Cachera, Thomas Jensen, Arnaud Jobin, and Florent Kirchner A New Abstract Domain for the Representation of Mathematically Equivalent Expressions ........................................... 75 Arnault Ioualalen and Matthieu Martel An Abstract Domain to Infer Types over Zones in Spreadsheets........ 94 Tie Cheng and Xavier Rival Bilateral Algorithms for Symbolic Abstraction ....................... 111 Aditya Thakur, Matt Elder, and Thomas Reps Making Abstract Interpretation Incomplete: Modeling the Potency of Obfuscation ..................................................... 129 Roberto Giacobazzi and Isabella Mastroeni Invariant Generation for ParametrizedSystems Using Self-reflection .... 146 Alejandro Sanchez, Sriram Sankaranarayanan, C´esar S´anchez, and Bor-Yuh Evan Chang X Table of Contents Automatic Fence Insertion in Integer Programs via Predicate Abstraction ..................................................... 164 Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Carl Leonardsson, and Ahmed Rezine Control Flow Analysis for the Join Calculus ......................... 181 Peter Calvert and Alan Mycroft When the Decreasing Sequence Fails ............................... 198 Nicolas Halbwachs and Julien Henry Loop Leaping with Closures ....................................... 214 Sebastian Biallas, Jo¨rg Brauer, Andy King, and Stefan Kowalewski Path-Sensitive BackwardSlicing ................................... 231 Joxan Jaffar, Vijayaraghavan Murali, Jorge A. Navas, and Andrew E. Santosa Symbolic Learning of Component Interfaces ......................... 248 Dimitra Giannakopoulou, Zvonimir Rakamari´c, and Vishwanath Raman Liveness-BasedPointer Analysis ................................... 265 Uday P. Khedker, Alan Mycroft, and Prashant Singh Rawat Succinct Representations for Abstract Interpretation: Combined Analysis Algorithms and Experimental Evaluation ................... 283 Julien Henry, David Monniaux, and Matthieu Moy Craig Interpretation.............................................. 300 Aws Albarghouthi, Arie Gurfinkel, and Marsha Chechik Satisfiability Solvers Are Static Analysers ........................... 317 Vijay D’Silva, Leopold Haller, and Daniel Kroening A Generalization of St˚almarck’s Method ............................ 334 Aditya Thakur and Thomas Reps A Structural Soundness Proof for Shivers’s Escape Technique: A Case for Galois Connections............................................ 352 Jan Midtgaard, Michael D. Adams, and Matthew Might Modular Heap Analysis for Higher-Order Programs .................. 370 Ravichandhran Madhavan, G. Ramalingam, and Kapil Vaswani Binary Reachability Analysis of Higher Order Functional Programs .... 388 Rusla´n Ledesma-Garza and Andrey Rybalchenko Table of Contents XI On the Limits of the Classical Approach to Cost Analysis ............. 405 Diego Esteban Alonso-Blas and Samir Genaim Termination Proofs for Linear Simple Loops......................... 422 Hong Yi Chen, Shaked Flur, and Supratik Mukhopadhyay Finding Non-terminating Executions in Distributed Asynchronous Programs ....................................................... 439 Michael Emmi and Akash Lal Author Index.................................................. 457 Computer-Aided Cryptographic Proofs Gilles Barthe1, Benjamin Gr´egoire2, and Santiago Zanella B´eguelin3 1 IMDEA Software Institute 2 INRIASophiaAntipolis - M´editerran´ee 3 Microsoft Research Provablesecurity[6]isattheheartofmoderncryptography.Itadvocatesamath- ematical approach in which the security of new cryptographic constructions is defined rigorously, and provably reduced to one or several assumptions, such as the hardness of a computational problem, or the existence of an ideal function- ality. A typical provable security statement is of the form: for all adversary A against the cryptographic construction S, there exists an adversary B against a security assumption H, such that if A has a high probability of breaking the schemeS intime t, thenB hasa highprobabilityofbreakingthe assumption H in time t(cid:2) (defined as a function of t). EasyCrypt [1] is a framework for building and verifying machine-checked se- curity proofs for cryptographic constructions in the computational model. Fol- lowing the code-based approach [4], EasyCrypt uses probabilistic programs with adversarialcomputationstoformulateunambiguouslyreductionistarguments.In EasyCrypt, cryptographic constructions are modelled as probabilistic programs, andtheir security is givenby the probabilityofaneventina experiment, where anadversaryinteractswiththe construction;similarly,securityassumptionsare stated in terms of the probability of an event in a probabilistic experiment. The key novelty of EasyCrypt (and its predecessor CertiCrypt [2]) is to provide programming languages tools to capture common reasoning patterns in cryp- tographic proofs. In particular, EasyCrypt provides support for a probabilistic relational Hoare Logic (pRHL) [2], whose judgments |= c ∼ c : Ψ ⇒ Φ relate 1 2 two probabilistic programs c and c (that typically involve adversarial code) 1 2 relative to a pre-condition Ψ and a post-condition Φ, both defined as relations overprogramstates.Informally,ajudgmentisvalidiffforeveryinitialmemories thatarerelatedbythepre-condition,thesub-distributionsoffinalmemoriesare related by the lifting of the post-condition to distributions; the definition of the liftingoperatorLisadoptedfromprobabilisticprocessalgebra[7],andhasclose connections with the Kantorovich metric, and with flow networks [5]. As secu- rity properties are typically expressed in terms of probability of events rather than pRHL judgments, EasyCrypt implements mechanisms to derive from valid judgments probability claims, i.e. inequalities between expressions of the form Pr[c,m:S] that denote the probability of the event S in the sub-distribution (cid:2)c(cid:3) m. To automate reasoningin pRHL, EasyCrypt implements an automatedproce- durethatgivenalogicaljudgmentinvolvingloop-freeclosedprograms,computes A.Min´eandD.Schmidt(Eds.):SAS2012,LNCS7460,pp.1–2,2012. (cid:3)c Springer-VerlagBerlinHeidelberg2012